Medical device cyber attacks on the rise


Cyber threats pose a growing danger to companies and individuals, and the risks are constantly evolving like a moving target. Recently, however, cyber thieves have increasingly been targeting medical devices to get their hands on sensitive information. According to KPMG’s 2015 survey, 81 percent of health care organizations were victims of cyberthreats over the past two years and had their data compromised.

Hackers exploit internet-connected devices that have poor cyber threat monitoring, weak cyber security policies and data access controls, and inadequate device disposal practices.

From the Banner Health data breach in Phoenix, to the 2015 Excellus BlueCross BlueShield breach that leaked data dating back to 2013, to the breach affecting 11 million Premera subscribers, experts consider the issue serious and one that is not going away anytime soon.

Some common types of cyber attacks on devices include:

Web application attacks: thieves access information through third-party applications.

Malware infection: hackers release malware, including viruses, worms and spyware, onto devices in order to steal information.

Ransomware: a hacker demands monetary payment to unlock a device that malware has locked.

Though health care companies are concerned about the issue, they do little to protect their data. It’s high time that device makers and the healthcare organizations that use medical devices increased their cyber security to keep sensitive data from being leaked. Earlier this year, the U.S. Food and Drug Administration released new guidelines encouraging medical device makers to adopt practices that improve the cyber security of their products, including sharing cyber threat information with other manufacturers.

Experts have recommended that organizations implement the new FDA guidelines by following a ‘one policy’ approach, which addresses cybersecurity through a single policy across all departments. This involves building stronger device access controls, conducting assessments on a regular basis and applying ongoing software updates.

Beyond this, organizations can also build cyber security features into new products, enforce stronger device access controls, authorize access only for employees who require it, and establish set procedures for dealing with any vulnerability found in the organization's routine assessments.

Many organizations take few measures until they become victims themselves, but all these measures matter because one in three Americans has been a victim of a health care data breach. If this is the situation in the most powerful and most advanced country in the world, health care organizations in other countries will surely need to be on their toes against cyber attacks.

YouTubers charged over video game gambling site

Two YouTubers have appeared in court charged with offences under the Gambling Act, in the first prosecution involving gambling on video game sites.

Craig Douglas (NepentheZ), a prominent FIFA YouTuber, and Dylan Rigby, owner of the now-deactivated FUTgalaxy channel, both from Essex, are charged with promoting unlawful gambling, while Douglas is also charged with inviting children to gamble.

According to the BBC report, “The two men appeared at Birmingham Magistrates’ Court. The case has been adjourned until 14 October.

The Gambling Commission, which brought the prosecution, has been looking into the rise of video game gambling.

It is warning parents that children can be drawn into betting on so-called skins - virtual goods such as weapons or clothes that are a feature of many popular games.”

Nearly £4bn is being generated around the world in betting on video games.

Blizzard again hit with DDoS attack, gamers furious


Blizzard’s Battle.net servers are experiencing issues for the third time in a week, keeping players offline, but this time the publisher has revealed that the outage is the result of a distributed denial-of-service (DDoS) attack.

The attack has knocked players of Overwatch, World of Warcraft, Hearthstone: Heroes of Warcraft and more offline. Players on PC, as well as on consoles such as Xbox One and PlayStation 4, are all encountering difficulties and are complaining about them on social media.

On Twitter, the publisher has updated its official customer-service account to confirm the problem:

“We are currently monitoring a DDOS attack against network providers which is affecting latency/connections to our games,” wrote BlizzardCS on Sunday (September 18).

Poodle Corp, a splinter group of Lizard Squad that specializes in taking down the servers of large companies, is claiming responsibility for the attack. In a tweet, Poodle Corp said it would release Blizzard's servers once it received 2,000 retweets.

Poodle Corp subsequently ended its attack.

Blizzard has been subject to password hacks in the past, and in late August a similar attack knocked its servers down.

HC keeping an eye on new WhatsApp privacy policy

Awaiting the decision of the Supreme Court constitution bench on whether to make the right to privacy a fundamental right, a PIL has been filed against WhatsApp challenging its new privacy policy, introduced to its users on the 25th of August.

FACEBOOK-WHATSAPP DATA SHARING TARGETED
The Delhi High Court, while hearing the public interest litigation against the messaging service, asked it to submit its response to the complaint, stating whether its new policy violates the right to privacy. The court sought clarity from WhatsApp and Facebook on the data sharing pact between the two multimillion-dollar corporations. Earlier, the court had issued notice to the Centre seeking its response. The Telecom Regulatory Authority of India informed the High Court that the government has no jurisdiction over the independent messaging service WhatsApp.

SHARING RESTRICTED TO ONLY NAMES AND NUMBERS
Representing WhatsApp in India, Senior Counsel Siddharth Luthra stated before the High Court that the service provides end-to-end encryption, a feature meant only to ensure the safety of the data shared, and that under the new policy only the phone number and name are shared with its new parent organisation, Facebook. No data shared between users is retained by WhatsApp. The company has been asked to file an affidavit to this effect by September 14.

PIL LAUNCHED
The public interest litigation alleges that the new privacy policy permits WhatsApp to share data with Facebook and that users have no real choice to opt out of sharing their personal information with a third party like Facebook.

THE POLICY REMAINS UNDER DOUBT
The plea points out that WhatsApp's new privacy policy only provides an opt-out from commercial content and advertisements. The second key point the plea raises is that WhatsApp's policy on users who have stopped using the messaging service is unclear: it has not been properly stated what the company does with the data of former users who have stopped using WhatsApp. The public interest litigation, filed by Karmanya Singh and Shreya Sethi, alleges that WhatsApp's policy violates the right to privacy.

The Delhi HC will hear the matter next on September 21, as WhatsApp's new policy comes into effect on September 25.

APPLE UPDATES ON THE 'BRICKING' FLAW

Apple is claiming that it has finally solved the bricking issue that users have been facing with the new iOS 10 update.

Complaints poured in on social media from iPhone and iPad users after they updated to the new and much anticipated iOS 10, which was made available on Tuesday.

Discussions of the issue on various forums were trending on social media - but Apple claimed it was limited to a “small number of users”.

Bricking is a term used to describe devices that have been rendered unusable by a software or hardware fault - the device is as useful to you as a brick would be.

The firm has apologised to the affected customers and assured them of a quick solution to the problem.

"We experienced a brief issue with the software update process, affecting a small number of users during the first hour of availability,” an Apple spokeswoman said in an emailed statement.

"The problem was quickly resolved and we apologise to those customers.

"Anyone who was affected should connect to iTunes to complete the update or contact AppleCare for help."

The roll-out of iOS 10 comes a week before the iPhone 7 goes on sale. In the meantime, existing owners of Apple devices vented their frustration at the problem.

"Currently sitting here with a bricked iPhone full of photos with a recent family visit,” wrote Courtney Guertin on Twitter.

It is not the first time Apple has had teething problems rolling out major updates. When users tried to update to iOS 5 back in 2011, high demand appeared to be behind the multiple error messages users received while downloading the update. And in February this year, Apple ran into trouble after an update started bricking devices that had been repaired by a company other than Apple.

Apple apologised for the problem and issued a software update to fix it. It said Error 53, as it became known, was in fact a security measure designed to make sure the fingerprint sensor on the device had not been tampered with.

Media Houses sue FBI for details on iPhone hacking tool

The Associated Press and two other news organizations have sued the FBI to learn details about the vendor the government paid to hack into the iPhone of one of the San Bernardino killers earlier this year.

The lawsuit was filed by the AP, Gannett (which owns USA Today) and Vice Media on 16 September 2016 in federal court in Washington under the Freedom of Information Act. It "seeks records about the FBI's contract with an unidentified vendor who provided a tool to unlock the phone belonging to Syed Rizwan Farook," the AP said.

According to the AP, the suit argues that "Understanding the amount that the FBI deemed appropriate to spend on the tool, as well as the identity and reputation of the vendor it did business with, is essential for the public to provide effective oversight of government functions and help guard against potential improprieties."

The suit comes a month after the FBI rejected records requests from the news organizations, saying that disclosure could affect "enforcement proceedings." The media organizations filed the complaint against the agency claiming that "there was no legal basis to withhold the information," and that "the public has a right to know whether the vendor has adequate security measures, is a proper recipient of government funds, and will act only in the public interest."

FBI spokesman Chris Allen declined to comment on the pending litigation.

Russia bans two more porn sites

Access to two of the world's largest pornography websites has been blocked by the Russian media watchdog, Roskomnadzor. Internet service providers have until Tuesday to implement the ban.

The websites now display a message on their homepage explaining that users have been blocked "by a decision of public authorities".

Last year, 11 popular porn websites were blocked by the authorities because most of them failed to protect children "from information harmful to their health".

The decision to ban the two websites was taken after two separate courts ruled that they "spread pornography".

Sexually explicit content is not itself outlawed in Russia, which is unusual for the country, but the law bans "the illegal production, dissemination, and advertisement of pornographic materials and objects".

Roskomnadzor, the government agency that maintains the list of blocked websites, has thousands of sites on it.

It even blacklisted Wikipedia at one point.

Open rights campaigners have reacted angrily to the ban and warned that a local ban can be defeated.

"Blocking porn is the fastest way to ensure widespread adoption of censorship circumvention in your country," said Eva Galperin, a global policy analyst at the Electronic Frontier Foundation.

One of the affected porn sites offered Roskomnadzor a premium subscription in exchange for lifting the ban, but the agency refused, saying it was "not in the market" for such an offer.

EU promises free Wi-Fi to all


To expand its digital initiatives, the European Commission has planned to provide free Wi-Fi in public spaces across its member states within four years. The EU has set a budget of €120 million for this.

The commission will use the budget to subsidize the purchase and installation of Wi-Fi hotspots in 6,000 or more locations, but the provision of bandwidth and ongoing maintenance will be left to the local communities.

The project, WIFI4EU (Wi-Fi for EU), was announced by the president of the European Union's executive body, Jean-Claude Juncker, in his annual State of the Union address on Wednesday (September 14). It aims to put free Wi-Fi hotspots, open to all EU citizens, in parks, squares, libraries and other public buildings.

Given the budget, however, it's unlikely many citizens will be able to get a signal without a long walk. In many towns and cities, people can already find free Wi-Fi on the high street.

If a local park or library already offers a paid Wi-Fi service, the EU subsidy isn't going to change anything: projects that compete with a similar existing private or public Wi-Fi offering will not be funded.

Juncker also announced that at least one city in each EU country will have a 5G mobile network deployed by 2020.

This initiative would be crucial in rural areas where cellular networks are spotty or non-existent and local organizations don't always have the means to offer free Wi-Fi hotspots. If the €120 million ($135 million) grant receives approval, communities would have access to the funds before the end of 2017.

By 2025, the EU has set further goals for the project: a minimum download speed of 100Mbps for all European households, minimum download and upload speeds of 1Gbps for all hospitals, administrations and other public services reliant on digital technologies, and uninterrupted 5G access along all major roads and railways.

The commission hopes to serve thousands of connections daily. If one connection represents one user, its goal is to connect almost one-tenth of the EU's population each day.

However, there is doubt about whether the public will actually benefit, as European officials have been struggling to deliver an earlier promise to abolish mobile roaming fees.

The EU is also committed to its promise of erasing borders for media services. It wants content to be accessible across the Union so that it is not limited to one’s home country: people could watch German Netflix shows while visiting France, for example, or buy pay-TV movies and similar material from other countries, some of which might well be less expensive than at home. Broadcasters would still have control over whether or not their content is available in other countries.

The new pledges may not apply to the UK because it may have quit the EU before the end of the decade.

The proposal also includes copyright changes that are troubling Google. It would require better data sharing and transparency for creators, but it would also give press publishers rights ensuring they get a "fair share" of revenues for material they post online. This resembles laws in Germany and Spain that require search engines like Google to pay when they show an article snippet in their results. The EU contends this is necessary to make sure writers are "paid fairly," but Google unsurprisingly objects. It believes the German and Spanish laws "failed," and that such demands for payment ultimately hurt publishers by giving web users fewer reasons to click through to an article.

Moreover, the proposal requires that content uploaded to YouTube be checked for copyrighted material. While this does cover "content recognition technologies" (possibly a reference to YouTube's Content ID), Google is worried that the measure would require screening content before it goes public, which would demand far more work and investigation.

The proposal needs to clear both the European Parliament and individual governments to go forward, and it may take a long time before it takes effect, if it survives without significant changes. If applied, the initiative would reshape the digital landscape across Europe, but there's a concern that Google and others like it might scale back their European presence rather than make the effort to comply with the new copyright laws.

Russian hackers leak US Rio Medalist Medical Files


A group of Russian hackers linked to the government, known as Fancy Bear, has posted Olympic drug-testing files of four U.S. athletes, including tennis players Venus and Serena Williams and gymnastics champion Simone Biles. The data shows the star US Olympic athletes were allowed by anti-doping bosses to take otherwise banned substances. The World Anti-Doping Agency (WADA) has condemned the Russian hackers for leaking confidential medical files.

Fancy Bear, also known as Tsar Team (APT28), hacked the database of Olympic athletes for the 2016 Rio games. There was no comment on whether the files posted were authentic, though the group claimed it had more information showing how 'tainted' Olympic medals have been won. "We are going to tell you how Olympic medals are won. We will start with the U.S. team which has disgraced its name by tainted victories. We will also disclose exclusive information about other national Olympic teams later," read a post on the website Fancybear.net.

The group claimed that Biles had tested positive for another banned substance, methylphenidate, in August, but she also had special dispensation to use it. The Rio Olympics quadruple gold medallist said she had long been taking medicine for attention deficit hyperactivity disorder. The hacker group accused her of taking an "illicit psychostimulant", but she said she had "always followed the rules". The hackers alleged Serena Williams had taken painkillers and anti-inflammatories; however, the International Tennis Federation said the Williams sisters had been given permission to use the drugs for 'therapeutic use'. Both the International Federation of Gymnasts and the International Tennis Federation said no rules had been broken.

NBC News reported that the hack was part of the same covert influence campaign by the Putin regime targeting numerous U.S. government and political organizations and other perceived enemies, potentially to disrupt the November election. U.S. officials have linked Fancy Bear to the GRU, the Russian military intelligence agency.

The hack on WADA is thought to have been carried out in revenge for Russia being banned from the Rio Olympics. Russian athletes were banned from the Rio Olympics and Paralympics after WADA recommended the ban on the basis of evidence of widespread doping.

The Kremlin was furious at the treatment of its athletes in Rio, with some accusing Olympic chiefs of operating 'double standards' by banning Russian athletes while allowing US athletes previously found guilty of doping to compete. However, Russian government spokesman Dmitry Peskov said it was "out of the question" that the Kremlin or the secret services were involved in the hacking.

In a statement on Tuesday (September 13), WADA confirmed a broad cyber-penetration of its Anti-Doping Administration and Management System, known as the ADAMS database. The hackers had illegally gained access via an account created by the International Olympic Committee (IOC). The organization added that the attempt was aimed at undermining WADA and the global anti-doping system.

A post on the website said a review of hacked WADA files showed "that dozens of American athletes had tested positive" for banned substances, in cases in which they had been given official approval to use them due to extenuating circumstances.

Many athletes will now be nervously wondering whether their private medical records are the next to be made public.

The International Olympic Committee said it 'strongly condemns such methods which clearly aim at tarnishing the reputation of clean athletes'.

Questions now hang over the future of WADA: the fact that its security was so badly compromised will raise more questions about the entire anti-doping system, especially after the account of Russian whistleblower Yuliya Stepanova was hacked last month.

Cyber-security firm Claroty in Israel exits "stealth mode"

Israeli cyber security start-up Claroty said it has raised $32 million in funding and will no longer operate in stealth mode, after doing so for the past two years.

The company's financial partners include Bessemer Venture Partners, Innovation Endeavors (run by Google chairman Eric Schmidt), Marker, ICV, Red Dot Capital Partners and Mitsui & Co.

Claroty was co-founded in 2014 by Nadav Zafrir, a former head of the Israeli military's intelligence Unit 8200. Its main focus is protecting the operational technology networks of critical infrastructure, securing the industrial control systems of facilities such as power grids, steel mills and oil refineries.

"The reason these critical systems are increasingly exposed to cyber threats is twofold: Industrial and IT networks are becoming considerably more interconnected in order to achieve important business goals, but industrial control systems were originally designed with safety and resilience, not cyber-security, as primary objectives," said Amir Zilberstein, Claroty's CEO.

911 emergency services can be knocked down by a mobile botnet


911 can only take so many emergency calls, especially when they’re fake.

Researchers at the Cyber-Security Research Center at Ben-Gurion University of the Negev in Israel have demonstrated that a theoretical botnet of 6,000 smartphones is enough to jeopardize the availability of 911 emergency services in the United States via a telephony denial-of-service (TDoS) attack. Though this type of attack has yet to be seen, it could have catastrophic consequences were it ever carried out.

When people in the U.S. dial the 911 emergency number, their telecom provider connects them to the enhanced 911 (E911) network, which routes the call to the nearest public safety answering point (PSAP), the call center responsible for dispatching police, firefighting and ambulance services.

Mordechai Guri, Yisroel Mirsky and Yuval Elovici of Ben-Gurion University have determined that bad actors can leverage a botnet to launch a distributed denial-of-service (DDoS) attack against 911 services.

To do so, attackers need only exploit the FCC's E911 First Report and Order (1996), which states that wireless carriers must transmit all emergency calls to a PSAP regardless of whether the caller is a subscriber of the mobile network.

Each 911 call placed by a wireless phone is picked up by a cell tower linked to a base station controller (BSC). The BSC transfers the call to a mobile switching center (MSC), which is connected to a selective router (SR). The SR delivers the call to a PSAP.

In the scenario described by the researchers, a network of Android phones infected with a specific type of malware (delivered via malicious SMS/MMS, malvertising campaigns or malicious apps) would be triggered by command and control (C&C) servers to call 911 automatically and repeatedly. The volume of calls would quickly overwhelm one or more public safety answering points and make it essentially impossible for anyone else to reach emergency responders for assistance.

There are three types of bots: non-anonymized, anonymized and persistent anonymized. Non-anonymized bots don’t make an effort to disguise the calling device’s IMSI and IMEI identifiers, making attacks easier to block.

The researchers realized some of these bot implementations by infecting the baseband firmware with a rootkit.

The researchers estimated that only 6,000 infected phones would be enough to disrupt services statewide in an area the size of North Carolina, while an estimated 200,000 phones would disrupt the entire nationwide network.

Recognizing and stopping this type of attack is a challenge due to FCC regulations that require wireless carriers to forward 911 calls automatically without first identifying the caller and verifying their subscription status. This makes TDoS attacks launched from mobile devices harder to mitigate, as attackers can randomize the phone’s identifiers to prevent blacklisting.
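As an added defender-side illustration (not code from the Ben-Gurion researchers or from this post), the following Python simulates one minute of constructed call records arriving at a PSAP and compares two detectors: per-identifier blacklisting, which only catches the non-anonymized bot class described above, and a per-cell call-volume check against a baseline, which still fires once the bots randomize their IMSI/IMEI. All records, thresholds, identifiers and cell names are constructed assumptions for the example.

```python
"""Compare identifier blacklisting with volume anomaly detection on
constructed 911 call detail records (CDRs) for a single 60-second window.

Non-anonymized bots reuse their real IMSI/IMEI on every call, so counting
calls per identifier exposes them.  Anonymized bots present a fresh
identifier on every call, so only the aggregate volume per cell reveals
them.  Everything below is constructed for illustration.
"""
from collections import Counter
import random

WINDOW_SECONDS = 60           # one detection window
PER_ID_THRESHOLD = 5          # >5 calls/window from one IMSI is flagged (assumed)
BASELINE_CALLS_PER_CELL = 3   # constructed "normal" 911 volume per cell per window
VOLUME_MULTIPLIER = 10        # alarm when a cell exceeds 10x its baseline (assumed)

BOT_IMSI = "310260000000042"  # constructed identifier reused by non-anonymized bots
BOT_IMEI = "000000000000042"


def random_ids(rng):
    """Constructed 15-digit IMSI/IMEI pair (MCC/MNC prefix 31026 is arbitrary)."""
    return f"31026{rng.randrange(10**10):010d}", f"{rng.randrange(10**15):015d}"


def legit_traffic(rng, cells, n):
    """Ordinary callers: distinct subscribers spread over all cells."""
    records = []
    for _ in range(n):
        imsi, imei = random_ids(rng)
        records.append({"t": rng.uniform(0, WINDOW_SECONDS), "imsi": imsi,
                        "imei": imei, "cell": rng.choice(cells)})
    return records


def bot_traffic(rng, cell, n, anonymized):
    """Repeated calls from bots camped on one cell.

    anonymized=False: every call carries BOT_IMSI/BOT_IMEI.
    anonymized=True:  every call carries a freshly randomized pair, as the
                      'anonymized' bot class in the text would."""
    records = []
    for _ in range(n):
        imsi, imei = random_ids(rng) if anonymized else (BOT_IMSI, BOT_IMEI)
        records.append({"t": rng.uniform(0, WINDOW_SECONDS), "imsi": imsi,
                        "imei": imei, "cell": cell})
    return records


def flag_by_identifier(records):
    """Blacklisting approach: IMSIs that exceed the per-identifier threshold."""
    per_imsi = Counter(r["imsi"] for r in records)
    return {imsi for imsi, n in per_imsi.items() if n > PER_ID_THRESHOLD}


def flag_by_volume(records):
    """Volume approach: cells whose call count exceeds MULTIPLIER x baseline."""
    per_cell = Counter(r["cell"] for r in records)
    return {cell for cell, n in per_cell.items()
            if n > BASELINE_CALLS_PER_CELL * VOLUME_MULTIPLIER}


def run_scenario(anonymized, seed=1):
    """Return (flagged_imsis, flagged_cells) for 60 legit calls across 20 cells
    plus 200 bot calls concentrated on cell-7, all constructed."""
    rng = random.Random(seed)
    cells = [f"cell-{i}" for i in range(20)]
    records = legit_traffic(rng, cells, 60) + bot_traffic(rng, "cell-7", 200, anonymized)
    return flag_by_identifier(records), flag_by_volume(records)


if __name__ == "__main__":
    for anonymized in (False, True):
        ids, cells = run_scenario(anonymized)
        print(f"anonymized={anonymized}: blacklisted IMSIs={ids or 'none'}, "
              f"cells over volume threshold={cells}")
```

With the identifiers randomized, the blacklist returns nothing while the per-cell volume check still isolates the affected cell, which is why the text describes identifier-based blocking as insufficient against the anonymized bot classes.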

More bots mean more firepower, so with a botnet numbering in the hundreds of thousands of infected devices an attacker could potentially wreak havoc across the entire US 911 framework, but some experts are not very concerned. This is not the first time this type of attack has been acknowledged: in 2014, at the DefCon hacking conference, researchers disclosed potential vulnerabilities in the 911 emergency system and proposed solutions for addressing them.

The Department of Homeland Security awarded the University of Houston a $2.6 million grant last year to develop technology designed to insulate emergency responder networks from DDoS attacks.

Motivated attackers would need to carry out a coordinated long-term strategy to make such an attack viable.